From owner-soc-status@freebsd.org Mon Jul 22 17:56:00 2019
From: Theron Tarigo
To: soc-status@freebsd.org
Subject: GSoC: Separation of Ports Build Process from Local Installation
Date: Mon, 22 Jul 2019 10:55:49 -0700
Message-ID: <0016ceb4-b36e-8fa8-6597-8256541a96a8@freebsd.org>

Hello all,

This project aims to decouple the build process of the ports framework from the local installation.  To work around the assumptions made by ports about dependency file locations, a userspace tool to remap processes' filesystem namespaces is under development: freebsd-user-namespace, provided as port devel/userns.

This past week, I have made the following progress:
- Eliminated the need for any special setup to be able to use PORTS_SEPARATED_BUILD.  The mode may be enabled by this one variable, at the command line or in /etc/make.conf.
- Created a lightweight framework for testing large numbers of ports under the separated build mode.  It does the following:
      - Handles FLAVORS.
      - Saves success/failure/skipped status.
      - Skips ports which have failed dependencies.
      - Builds each port in its own pristine environment.
        (This allows concurrent building of unrelated ports)
- Attempted build of 2000 ports, selected at random, and their dependencies.
- Identified (and applied temporary fixes for) some ports causing the highest number of skipped dependents.
- Retried the skipped ports.
- Developed a plan of a general fix for the most common cause of failure: custom target definitions in port Makefiles running build tools (also from ports) without the userns wrapper.

Latest summary of port building success:
- 5613 ports tried
- 2958 (53%) succeeded
- 177 (3%) failed
- 2478 (44%) skipped due to failed dependencies
- Success rate: 94%

What I am working on next:
- Implement the planned solution for running build tools inside userns wrapper.
- Compare the packages built by separated-build method to either official packages or ports built by original FreeBSD method.  Any differences should be attributable to build times and hostnames.
- Debug the ports which fail by segfault or bus error; this implicates userns library.
- Provide more thorough documentation of PORTS_SEPARATED_BUILD, in particular its usage and its limitations, so that users and devs interested in this project can more easily test it for themselves.

Project goals and status are kept at https://wiki.freebsd.org/SummerOfCode2019Projects/PortsSeparatedBuild .
Source of the userspace filesystem namespace tool is shared at https://github.com/therontarigo/freebsd-user-namespace .
Changes to ports framework are shared at https://github.com/freebsd/freebsd-ports/compare/master...therontarigo:separated.

Theron Tarigo

From owner-soc-status@freebsd.org Tue Jul 23 08:41:32 2019
From: Shivank Garg
To: soc-status@freebsd.org, "Bjoern A. Zeeb"
Subject: [GSoC'19 Weekly Update] MAC policy on IP addresses in Jail
Date: Tue, 23 Jul 2019 14:11:12 +0530

Hi everyone!

This project is aimed at developing a loadable MAC module with "The TrustedBSD MAC Framework" to limit the set of IP addresses a VNET-enabled Jail can choose from.

This week I made the following progress:
* corrected the code style and indentation issues.
* added the BSD license for the new module.
* added the man page for the module

Currently, the code is under review here: https://reviews.freebsd.org/D20967

Do check this project on GitHub:
https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl

FreeBSD wiki: https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail

Please feel free to share your ideas and feedback on this project.

Regards,
Shivank Garg